News: This BB is intended for the sole purpose of sharing conversion and bus related information among visitors to our web site. These rules must be followed in order for us to continue this free exchange of info. No bad mouthing of any business or individual is permitted. Absolutely no items for sale are to be posted, except in the Spare Tire board. Interested in placing a classified or web ad, please contact our advertising dept. at (657) 221-0432 or e-mail to: info@busconversions.com.

Dave - cut the header out of the email (more on this in a minute) and paste it into the text box on http://www.spamcop.com/ . Hit the interrogate button and you should get the abuse address for this server. I have to say that I think RR is terrible about responding to abuse posts... I have been getting a joe job spam attack from RR for a while and they don't seem to want to lock it down. At any rate, give it a try and maybe you will get results.

I use Front Range Internet, a local ISP operating north of Denver and they have MailAmory whichscans all incoming emails for trojans, worms, and viruses and captures them. In 7 years I haveNEVER been damaged by a virus of any kind. Back in 1999-2000 or so, I got viruses but wasusing Netscape 4.x as a mail reader and most of the worms exploited problems in MicrosoftOutlook or Outlook express which I avoid using for that reason. Netscape didn't recognize thesecurity hole they were trying to exploit.

I have my own servers and are bulk hosted by Rackspace in Dallas TX, We have some pretty tough screensand stuff doesn't get through. But the notifications of actions taken are reported.

There were some changes made yesterday to the antispam system and it's really working overtime now. Maybe thatwill take care of that problem. I am sure that IP has been listed in SpamCop and other RBL systems by now.

It is showing in lists that report all dynamic IP's, something that has very limited value for most applications because it would block a lot of legitimate emails. But that has nothing to do with being reported for spam.

So if you still have the emails and their headers, I would definitely report them to spamcop and sorbs. In general, one report won't get an IP listed. But if several people report it then they will. Once in those lists, most others will pick them up.

If it was easy to block I wouldn't have asked if anyone else was seeing the same IP. Our filters dont alwayscatch an IP source and have the ability to block that IP. It actually reports back as an IP in Huntington Beach California.

Whatever software is causing the problem it is directly doing a (HELO) to my server with no intermediate servers shown in the headers, Just the IP source and resolved source. I am beginning to worry that there is a backdoor hole in Qmail that is allowing this malicious software to channel in through an SMTP port somehow.

I am going to leave it to the engineers at Rackspace to worry over since they are getting the big bucks now forserver support and bulk hosting.